
System Restore Rogue (Fake Utility)

One of the guys from work brought in his wife’s computer. He was sure that the hard drive was bad.

Look! It’s a rogue pretending to be part of Windows rather than a third-party product. That raises the trust factor and so the chance that the victim buys “this feature”.

I was able to remove this rogue system utility and secure the OS using the following steps:

  1. Started the PC in Safe Mode with Networking.
  2. Ran GMER. GMER detected traces of an MBR rootkit.
  3. Ran TDSSKiller with the additional scan options turned on.
  4. Removed a TDSS file system.
  5. Installed Malwarebytes and removed the rogue and some registry entries.
  6. Installed lots of missing Windows Updates.
  7. Installed the latest version of Java.
  8. Removed the expired McAfee and installed Microsoft Security Essentials.
Enjoy some more photo-age…

Rogue Windows System Utilities – Hang On To Yer Wallets Folks

Malware authors are continuing to bombard unsuspecting PC users with fake anti-virus that’s designed to scare them into purchasing the fake software, thus handing over their identities on a “silver platter”.

Seeing how successful rogue anti-virus has become, malware authors are broadening their collection of fake software. The latest fake software to scare and swindle PC users is the fake system utility.

These fake system utilities are exactly the same as the rogue anti-virus applications in the following ways:

  • they get installed to the currently logged-on user’s profile (usually in a hidden folder)
  • folder names are random letters and/or numbers
  • a single .exe, again named with random letters and/or numbers (rarely, they use a plausible-sounding name such as “microsoft network service”)
  • set to load at boot time (visible in msconfig)
  • modifies the .exe registry association (double-clicking any .exe loads the rogue instead)
  • rootkits may or may not be present

Here are the steps I took to remove the HDD Diagnostic Rogue:

  1. Rebooted the computer into the UBCD4Win environment.
  2. Replaced Beep.sys with a legitimate, un-patched copy.
  3. Manually deleted the rogue from the user’s temporary folders (Malwarebytes did NOT detect this rogue).
  4. Ran a few regedit commands to fix the .exe associations.
  5. Installed Kaspersky Internet Security for the user.
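The two things the bullet list above and step 4 both come down to are registry state: the .exe file association that the rogue redirects to itself, and the autostart entry that launches it from a random-named folder in the user’s profile. The following PowerShell script is an added example (not code from the original post) that audits both locations and can restore the association defaults. It assumes Windows PowerShell 5.1 or later run elevated from the affected user’s account; the function names and the random-name heuristic are ours, and the expected default values are the standard Windows ones.

```powershell
# Added example, not from the original post. Audits the registry areas rogue
# system utilities tamper with (the .exe association and Run/RunOnce entries)
# and optionally restores the association defaults. Assumes Windows PowerShell
# 5.1+, elevated, run from the affected user's account. Heuristics are ours.

$ExpectedProgId      = 'exefile'      # default value of HKLM\Software\Classes\.exe
$ExpectedOpenCommand = '"%1" %*'      # default of ...\exefile\shell\open\command

function Get-RegDefault([string]$Path) {
    # Returns a key's (Default) value, or $null when the key is missing.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') } else { $null }
}

function Test-ExeAssociation {
    # Machine-wide values must equal the defaults. The per-user override keys
    # under HKCU\Software\Classes do not normally exist; rogues create them so
    # that every double-clicked program launches the rogue instead.
    $checks = @(
        @{ Path = 'HKLM:\Software\Classes\.exe';                       Expected = $ExpectedProgId;      MustNotExist = $false }
        @{ Path = 'HKLM:\Software\Classes\exefile\shell\open\command'; Expected = $ExpectedOpenCommand; MustNotExist = $false }
        @{ Path = 'HKCU:\Software\Classes\.exe';                       Expected = $null;                MustNotExist = $true  }
        @{ Path = 'HKCU:\Software\Classes\exefile\shell\open\command'; Expected = $null;                MustNotExist = $true  }
    )
    foreach ($c in $checks) {
        $exists = Test-Path -LiteralPath $c.Path
        $actual = if ($exists) { Get-RegDefault $c.Path } else { $null }
        $ok = if ($c.MustNotExist) { -not $exists } else { $actual -eq $c.Expected }
        [pscustomobject]@{
            Path     = $c.Path
            Expected = if ($c.MustNotExist) { '<absent>' } else { $c.Expected }
            Actual   = if ($exists) { $actual } else { '<absent>' }
            Status   = if ($ok) { 'OK' } else { 'SUSPECT' }
        }
    }
}

function Get-SuspiciousAutostart {
    # Flags Run/RunOnce entries matching the installation pattern described
    # above: image under the user's profile, random-looking file name, or a
    # hidden parent folder. Heuristic only; review every hit by hand.
    $runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' })) {
            $cmd = [string]$p.Value
            # The first quoted or unquoted token ending in .exe is the launched image.
            if (-not ($cmd -match '^\s*"?([^"]+?\.exe)"?')) { continue }
            $exe  = $Matches[1]
            $name = [IO.Path]::GetFileNameWithoutExtension($exe)
            $dir  = Split-Path -Path $exe -Parent
            $reasons = @()
            if ($exe -match '\\(Temp|AppData|Local Settings)\\') { $reasons += 'user-profile path' }
            # Random-looking: letters mixed with digits, or a long run with no vowels.
            if (($name -match '^[A-Za-z0-9]{6,}$' -and $name -match '\d' -and $name -match '[A-Za-z]') -or
                ($name -match '^[b-df-hj-np-tv-z0-9]{6,}$')) { $reasons += 'random-looking name' }
            if ($dir) {
                $dirItem = Get-Item -LiteralPath $dir -Force -ErrorAction SilentlyContinue
                if ($dirItem -and ($dirItem.Attributes -band [IO.FileAttributes]::Hidden)) { $reasons += 'hidden folder' }
            }
            if ($reasons) {
                [pscustomobject]@{ Key = $key; Name = $p.Name; Command = $cmd; Reasons = ($reasons -join ', ') }
            }
        }
    }
}

function Repair-ExeAssociation {
    # Restores the machine-wide defaults and removes the per-user overrides;
    # this is what the post's "regedit commands" amount to. Supports -WhatIf.
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()
    if ($PSCmdlet.ShouldProcess('HKLM .exe association', 'restore defaults')) {
        New-Item -Path 'HKLM:\Software\Classes\exefile\shell\open\command' -Force | Out-Null
        Set-ItemProperty -LiteralPath 'HKLM:\Software\Classes\.exe' -Name '(default)' -Value $ExpectedProgId
        Set-ItemProperty -LiteralPath 'HKLM:\Software\Classes\exefile\shell\open\command' -Name '(default)' -Value $ExpectedOpenCommand
    }
    foreach ($k in 'HKCU:\Software\Classes\.exe', 'HKCU:\Software\Classes\exefile') {
        if ((Test-Path -LiteralPath $k) -and $PSCmdlet.ShouldProcess($k, 'remove per-user override')) {
            Remove-Item -LiteralPath $k -Recurse -Force
        }
    }
}

Test-ExeAssociation     | Format-Table -AutoSize
Get-SuspiciousAutostart | Format-List
# Repair-ExeAssociation -WhatIf   # preview the fix, then run without -WhatIf
```

Run the audit from a clean boot environment or Safe Mode, as the post does, since a hijacked association means the rogue may be launched the moment any .exe (including a scanner) is started; once the association is repaired, the rogue’s own folder and autostart entry can be removed from the file system and the Run key.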

Below are some screen shots of the HDD Diagnostic Rogue…

[Screenshot captions]
  • The HDD Diagnostic Rogue
  • Fake warnings to scare users
  • More fake messages
  • No hard drive activity at all
  • Please activate your software = give your cash and ID
  • Rogue location
  • Rootkit that prevents anything from running except the rogue
